Skip to Main Content
Apache Events The Apache Software Foundation
Apache 20th Anniversary Logo

This was extracted (@ 2023-02-28 12:10) from a list of minutes which have been approved by the Board.
Please Note The Board typically approves the minutes of the previous meeting at the beginning of every Board meeting; therefore, the list below does not normally contain details from the minutes of the most recent Board meeting.

WARNING: these pages may omit some original contents of the minutes.
This is due to changes in the layout of the source minutes over the years. Fixes are being worked on.

Meeting times vary, the exact schedule is available to ASF Members and Officers, search for "calendar" in the Foundation's private index page (svn:foundation/private-index.html).

Standardise privacy policy for foundation websites

18 Jan 2023

 WHEREAS, the Board of Directors deems it to be in the best interests
 of the Foundation and consistent with the Foundation's purpose to
 standardise privacy policy across all public facing Foundation web
 sites; and

 WHEREAS the Board of Directors has previously delegated responsibility
 for establishing privacy policy to VP, Privacy;

 NOW, THEREFORE, BE IT RESOLVED, that the Apache Software Foundation
 Privacy Policy is the new standard for all websites hosted by the
 Foundation."

 The full text of the public facing foundation websites can be found
 here: https://privacy.apache.org/policies/privacy-policy-public.html

 The full text of the policy:

 This Privacy Policy clarifies the nature, scope and purpose of the
 processing of personal data (hereinafter referred to as “Data”) within
 our online offering and the related websites, features and content, as
 well as external online presence, e.g. our social media profiles on
 Twitter, Facebook, YouTube and similar sites (collectively referred to
 as “online presence”). With regard to the terminology we use, e.g.
 “Processing” or “Responsible”, we refer to the definitions in Article
  4 of the General Data Protection Regulation (GDPR).

 1. Name and contact details of the controller and the company data
    protection officer This privacy policy applies to data processing
    by:

 Responsible:

 The Apache Software Foundation V. P. Data Privacy 1000 N West Street,
 Suite 1200 Wilmington, DE 19801 U.S.A.

 E-Mail: vp-privacy@apache.org

 2. Collection and storage of personal data and the nature and purpose
    of their use a) When visiting the website Log files When you visit
    our websites (full list of domains) or one of our subdomains, the
    browser on your device automatically sends information to the
    server of our website. This information is temporarily stored in a
    log file. The following information is being collected without your
    intervention and stored until automated deletion:

 The IP address of the requesting computer The date and time of access
 The name and URL of the retrieved file The website from which access
 is made (referrer URL) Geo information of the location from which
 access is made The browser used and, if applicable, the operating
 system of your computer and the name of your access provider The data
 mentioned are processed by us for the following purposes:

 Ensuring connectivity of our website Ensuring a use of our website, of
 which we think is comfortable for you Evaluation of system security
 and stability Other administrative purposes The retention time for
 this data is 90 days.

 The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f
 GDPR. Our legitimate interest follows from the data collection
 purposes listed above. In no case do we use the collected data for the
 purpose of drawing conclusions about you. In addition, we use cookies
 and analysis services when you visit our website. Further details can
 be found under no. 4 and 5 of this privacy policy.

 Matomo In addition to log files, some of our websites use Matomo to
 understand what parts of the website are important to our users, what
 features are most frequently accessed, where users get lost in the
 documentation, etc. This data allows us to better understand how users
 use the system, the website, and the docs and where to focus
 improvements next.

 The collected information consists of the following:

 The IP address from which you access the website The type of browser
 and operating system you use to access our site The date and time you
 access our site The pages you visit If you click on any of the file
 download links on our website The addresses of pages from where you
 followed a link to our site The addresses of pages you go to from our
 site The search terms you use on the website This information is
 gathered and stored using the open source software Matomo. We don’t
 use any cookies to collect this information. An IP address is
 anonymized by removing the last two octets from the IP address. That
 means that if your IP is 192.168.100.50, we store it as 192.168.0.0.

 Matomo is self-hosted on a virtual machine provided by the Apache
 Software Foundation. It can only be accessed by members of the Apache
 Privacy committee. The data can be viewed by anyone by visiting
 https://analytics.apache.org/.

 Matomo respects any Do Not Track setting in your browser. You can also
 opt-out from all Matomo tracking below.


 b) When registering for our newsletter and mailing lists If, pursuant
 to Art. 6 para. 1 sentence 1 lit. a GDPR, you have expressly
 consented, we use your e-mail address to periodically send you our
 newsletter. For the receipt of the newsletter the indication of an
 e-mail address is sufficient.

 We inform our visitors at regular intervals through newsletters about
 news and offers from The Apache Software Foundation.

 The newsletter of our Foundation can only be received if (1) the data
 subject has a valid e-mail address and (2) the person concerned
 registers for the newsletter. For legal reasons, a confirmation e-mail
 will be sent to the e-mail address entered by an affected person
 before the first time of sending the newsletter, using the
 double-opt-in procedure. This confirmation email is used to check
 whether the owner of the e-mail address is the person who authorized
 the receipt of the newsletter.

 When you subscribe to the newsletter, we store the date and time of
 registration and the email address. The collection of this data is
 necessary for us to understand the (possible) misuse of an affected
 person’s e-mail address at a later date and therefore serves as legal
 safeguards for the controller.

 The personal data collected in the context of registering for the
 newsletter is used exclusively to send our newsletter.

 Subscribers may also be notified by e-mail if this is necessary for
 the operation of the newsletter service or registration, as might be
 the case in the event of changes to the newsletter/mailing list or
 technical changes.

 There will be no transfer to third parties of the personal data
 collected as part of the newsletter service.

 Subscription to our newsletter may be terminated by the person
 concerned at any time. Consent to the storage of personal data that
 the person has given us for the newsletter dispatch can be revoked at
 any time. For the purpose of revoking the consent, instructions are
 given by the end of each newsletter email.

 c) When registering for our mailing lists If, pursuant to Art. 6 para.
 1 sentence 1 lit. a GDPR, you have expressly consented, we use your
 e-mail address to send you messages arriving at our mailing lists. For
 the receipt of the mailing list message the indication of an e-mail
 address is sufficient.

 Visitors may communicate with us through our mailing lists.

 The mailing list messages of our organisation can only be received if
 (1) the person concerned has a valid e-mail address and (2) the person
  concerned registers for the mailing list. For legal reasons, a
  confirmation e-mail will be sent to the e-mail address entered by an
  affected person for the first time using the double-opt-in procedure.
  This confirmation email is used to check whether the owner of the
  e-mail address authorized the receipt of the mailing list messages.

 When you subscribe to a mailing list, we store the date and time of
 registration and the email address. The collection of this data is
 necessary for us to understand the (possible) misuse of an affected
 person’s e-mail address at a later date and therefore serves as legal
 safeguards for the controller. When a mailing list is archived, the
 log file will be deleted.

 The personal data collected in the context of registering for a
 mailing list will be used exclusively to send messages arriving at
 that mailing list.

 Subscribers may also be notified by e-mail if this is necessary for
 the operation of the mailing list service or registration, as might be
 the case in the event of changes to the mailing list or other
 technical changes.

 We will not actively transfer to third parties any personal data as
 part of the mailing list service. However, almost all of our mailing
 lists are of a public nature.

 This means, your name and email may be exposed to the public. Also,
 all information you send to a mailing list will be exposed to the
 public. Third parties may collect this information and process it
 separately. The sender of messages is responsible if they expose their
 personal data to the public.

 All content sent to mailing lists is archived indefinitely. By using
 our mailing list service, you agree that any content is archived in
 that way.

 Subscription to our mailing lists may be terminated by the person
 concerned at any time. The consent to the storage of personal data
 that a person has given us for the mailing list dispatch can be
 revoked at any time. For the purpose of revoking the consent,
 instructions are given by the end of every email.

 3. Disclosure of data Transfer of your personal data to third parties
    for purposes other than those listed below does not take place. We
    only share your personal information with third parties if:

 You, in accordance with Art. 6 para. 1 p. 1 lit. a GDPR, have given
 express consent to this. Disclosure pursuant to Art. 6 para. 1
 sentence 1 lit. f GDPR is required to assert, exercise or defend legal
 claims and there is no reason to assume that you have a predominantly
 legitimate interest in not disclosing your data. Disclosure pursuant
 to Art. 6 para. 1 sentence 1 lit. c GDPR is a legal obligation. As
 permitted by law and according to Art. 6 para. 1 sentence 1 lit. b
 GDPR, disclosure is required for the settlement of contractual
 relationships with you.

 4. External service providers The Apache Software Foundation uses the
    following external service providers who help to optimize its
    services. Insofar as these service providers process data on behalf
    of The Apache Software Foundation, agreements have been concluded
    with them which set the European data protection standards as
    binding and, in particular, prohibit the use of the data for other
    purposes. If we commission third parties to process data on the
    basis of a so-called “contract processing contract”, this is done
    on the basis of Art. 28 GDPR.

 The full list of providers is located in the full privacy policy page
 at https://privacy.apache.org/policies/privacy-policy-public.html

 5. Social Media Plug-ins We rely on our website on the basis of Art. 6
    para. 1 sentence 1 lit. f GDPR social plug-ins from the social
    networks Facebook, Twitter and Instagram to make our company better
    known. The underlying commercial purpose is to be regarded as a
    legitimate interest within the meaning of the GDPR. Responsibility
    for operation compliant with data protection is to be guaranteed by
    the respective providers. The integration of these plug-ins by us
    is done by means of the so-called two-click method to protect
    visitors to our website in the best possible way.

 a) YouTube On our website we have integrated components from YouTube.
 YouTube is an internet video portal that allows video publishers to
 freely watch video clips provided by other users for free viewing,
 rating and commenting. YouTube allows the publication of all types of
 videos, so that both complete film and television broadcasts, music
 videos, trailers and user-made videos uploaded via the YouTube
 internet portal are available.

 YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San
 Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc.,
 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

 Each visit to one of the pages of this site operated by the controller
 and incorporating a YouTube component (YouTube video) will
 automatically cause the Internet browser on the subject’s information
 technology system to download an illustration of the corresponding
 YouTube component from YouTube. More information about YouTube can be
 found at https://www.youtube.com/yt/about/en/. As part of this
 technical process, YouTube and Google are aware of the specific
 location of our site visited by the person concerned. If the person
 visiting our site is logged in to YouTube at the same time, YouTube
 calls a sub-page containing a YouTube video for the person visiting
 our site. This information is collected by YouTube and Google and
 associated with the individual YouTube account.

 YouTube and Google will always receive information through the YouTube
 component that a person has visited our website if the person is
 logged into YouTube at the time of access to our website; this happens
 regardless of whether the person clicks on a YouTube video or not. If
 such transmission of this information to YouTube and Google is not
 wanted by the person visiting our site, they can prevent the
 transmission by logging out of their YouTube account before visiting
 our website.

 YouTube’s privacy policy, available at
 https://www.google.com/intl/en/policies/privacy/, identifies the
 collection, processing, and use of personally identifiable information
 by YouTube and Google.

 7. Affected rights You have the right:

 in accordance with Art. 15 GDPR, to request information about your
 personal data processed by us. In particular, you can request
 information on the processing purposes, the category of personal data,
 the categories of recipients to whom your data has been disclosed, the
 planned retention period, the right to rectification, deletion,
 limitation of processing or opposition, the existence of a right to
 complain, the source of your data, if not collected from us, and the
 existence of automated decision-making including profiling and, where
 appropriate, meaningful information about your data. in accordance
 with Art. 16 GDPR, to demand the immediate correction of incorrect or
 complete personal data stored with us. in accordance with Art. 17
 GDPR, to demand the deletion of your personal data stored by us,
 unless the processing is required for the exercise of the right to
 freedom of expression and information, for the fulfillment of a legal
 obligation, for reasons of public interest or for the assertion,
 exercise or defense of Legal claims. to demand the restriction of the
 processing of your personal data according to Art. 18 GDPR, as far as
 the accuracy of the data is disputed by you, the processing is
 unlawful, but you reject its deletion and we no longer need the data,
 but you assert this, in the exercise or defense of legal claims or you
 have objected to the processing in accordance with Art. 21 GDPR. in
 accordance with Art. 20 GDPR, to receive your personal data provided
 to us in a structured, standard and machine-readable format or to
 request transmission to another person. according to Art. 7 para. 3
 GDPR, to revoke your once-given consent to us at any time. As a
 result, we are not allowed to continue processing of data based on
 this consent for the future. to complain to a supervisory authority
 pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory
 authority of your usual place of residence or work or our office.
 8. Right to object If our retention of your personal data is based on
    legitimate interests in accordance with Art. 6 para. 1 sentence 1
    lit. f GDPR, you have the right to file an objection against the
    processing of your personal data in accordance with Art. 21 GDPR,
    provided that there are reasons for this arising from your
    particular situation or the objection is directed against direct
    mail. In the latter case, you have a general right of objection,
    which is implemented by us without specifying any particular
    situation. If you would like to exercise your right of revocation
    or objection, please send an e-mail to vp-privacy@apache.org.

 9. Data security We use the popular SSL (Secure Socket Layer) method
    during your site visit, in conjunction with the highest level of
    encryption supported by your browser. In general, this is a 256-bit
    encryption. If your browser does not support 256-bit encryption, we
    use 128-bit v3 technology instead. Whether a single page of our
    website is encrypted is shown by the closed representation of the
    key or lock icon in the lower status bar of your browser.

 We also take appropriate technical and organizational security
 measures to protect your data against accidental or intentional
 manipulation, partial or total loss, destruction or unauthorized
 access by third parties. Our security measures are continuously
 improved in line with technological developments.

 10. Updating and changing this privacy policy This privacy policy is
     currently valid and is valid as of 2022-04-21.

 As a result of the further development of our website and offers
 thereof, or due to changed legal or official requirements, it may be
 necessary to change this privacy policy. The current privacy policy
 can be viewed and printed by you at any time on the website at
 https://privacy.apache.org/policies/privacy-policy-public.html. Some
 impacts of it can be found here:
 https://privacy.apache.org/faq/committers.html

 Special Order 7B, Standardise privacy policy for foundation
 websites, was approved by Unanimous Vote of the directors
 present.